1
16.1 Legacy Series / Re: pppoe + unbound
« on: April 05, 2016, 03:01:41 pm »
Just happened, have log. Will send via PM.
And yes, it's 16.1.8.
And yes, it's 16.1.8.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
16.1 Legacy Series / [SOLVED] pppoe + unbound
« on: April 04, 2016, 11:05:36 am »
I have recently switched internet providers, and have implemented pppoe on OPNsense. With the internet provider supplied router in bridge mode, once every day or so a new IP address is issued to OPNsense, which creates a new route entry, which causes Unbound to stop working.
Once a day, when the DNS stops resolving, I simply login to OPNsense and restart Unbound, which restores proper operation, but I am wondering if there is some automated way to handle this situation so that no manual intervention is required?
Once a day, when the DNS stops resolving, I simply login to OPNsense and restart Unbound, which restores proper operation, but I am wondering if there is some automated way to handle this situation so that no manual intervention is required?
3
16.1 Legacy Series / Re: update issue (related to configd)
« on: March 26, 2016, 10:00:13 am »
Excellent, and easy. Updated, will let you know if there are any more glitches. Thanks.
4
16.1 Legacy Series / Re: update issue (related to configd)
« on: March 25, 2016, 11:03:23 am »
Actually, from my experience, when troubleshooting, no question should be considered stupid... However, no, SSH is not enabled.
In addition, in case it is helpful, I have been running the firewall on 16.1 this whole time. On two occasions DNS has stopped working. And, on both occasions, when attempting to log-in to the web interface, after entering credentials, the web page hangs and doesn't respond.
When this happens I can still ping external addresses (8.8.8.8 or 208.67.220.220), but there is no DNS resolution, nor a functioning web interface. So, apparently there is some issue going back to 16.1, at least on the i386 branch.
Now, I will update to the latest version, upgrade Unbound using the links you sent previously, and follow-up if there are issues. Thanks.
In addition, in case it is helpful, I have been running the firewall on 16.1 this whole time. On two occasions DNS has stopped working. And, on both occasions, when attempting to log-in to the web interface, after entering credentials, the web page hangs and doesn't respond.
When this happens I can still ping external addresses (8.8.8.8 or 208.67.220.220), but there is no DNS resolution, nor a functioning web interface. So, apparently there is some issue going back to 16.1, at least on the i386 branch.
Now, I will update to the latest version, upgrade Unbound using the links you sent previously, and follow-up if there are issues. Thanks.
5
16.1 Legacy Series / Re: update issue (related to configd)
« on: March 16, 2016, 01:23:10 pm »
Using i386/OpenSSL.
6
16.1 Legacy Series / Re: update issue (related to configd)
« on: March 16, 2016, 09:58:34 am »
I would be willing to try a snapshot, to alleviate any concerns about updating software going forward, yes.
Concerning the network setup, it's simply 2 LANs, one running a trusted set of machines, and another running an untrusted network and an access point. When the network locks up, all traffic stops, I can't ping the LAN interface from either network, nor anything on the WAN. The only thing possible at that point, is a reboot of the router.
Concerning the network setup, it's simply 2 LANs, one running a trusted set of machines, and another running an untrusted network and an access point. When the network locks up, all traffic stops, I can't ping the LAN interface from either network, nor anything on the WAN. The only thing possible at that point, is a reboot of the router.
7
16.1 Legacy Series / Re: update issue (related to configd)
« on: March 16, 2016, 08:49:10 am »
Ok, so based on your answers, my issues could be a combination of things.
1) DNS thus far, in plain 16.1, works fine. None of the lockups experienced while using 16.1.6, so not sure the issue is Unbound, unless the version changes between 16.1 release and 16.1.6.
2) Can't comment. Haven't had an issue restarting services on 16.1 release.
3) I am using Realtec NICs for LAN/LAN2, but network was locking up on 16.1.6 without IPS enabled. And, the IPS has been working with the current NICs under both pfSense and OPNSense up until the most recent updates. So, not sure the Realtek NICs are an issue in my case.
Again, my issues could be a combination of things. I don't need assistance troubleshooting anything, as it all seems to work in 16.1 with no updates. Just weighing in and letting you guys know that based on my experience, there seems to be a regression introduced in the most recent updates, possibly involving imported pfSense code, in case that helps point to a solution for some of the issues being reported.
Consider my situation resolved, will report back with other issues or insights. Thanks for your help.
1) DNS thus far, in plain 16.1, works fine. None of the lockups experienced while using 16.1.6, so not sure the issue is Unbound, unless the version changes between 16.1 release and 16.1.6.
2) Can't comment. Haven't had an issue restarting services on 16.1 release.
3) I am using Realtec NICs for LAN/LAN2, but network was locking up on 16.1.6 without IPS enabled. And, the IPS has been working with the current NICs under both pfSense and OPNSense up until the most recent updates. So, not sure the Realtek NICs are an issue in my case.
Again, my issues could be a combination of things. I don't need assistance troubleshooting anything, as it all seems to work in 16.1 with no updates. Just weighing in and letting you guys know that based on my experience, there seems to be a regression introduced in the most recent updates, possibly involving imported pfSense code, in case that helps point to a solution for some of the issues being reported.
Consider my situation resolved, will report back with other issues or insights. Thanks for your help.
8
16.1 Legacy Series / Re: update issue (related to configd)
« on: March 16, 2016, 06:03:08 am »
Good question, thanks.
I downloaded an i386 ISO from the website, which was released in January. It's plain 16.1-i386, FreeBSD 10.2-RELEASE-p11, with no updates. The hardware is an old IBM ThinkCentre, which has been running either pfSense or OPNSense for the last 3 years without issue. Granted, it is very dated, but it works for my current needs.
I had installed the original release (15.1?) then have been updating via the web interface since. When these issues started, I downloaded 16.1 release and upgraded from there, and when upgrading the issues return. I have not attempted to install from 16.1.6 or anything newer, I just know that 16.1 with no updates works, and when upgrading to 16.1.6 it breaks.
Using 16.1 release works for me, and I'm simply sharing my experience, in case it helps to pin-point the issue...
I downloaded an i386 ISO from the website, which was released in January. It's plain 16.1-i386, FreeBSD 10.2-RELEASE-p11, with no updates. The hardware is an old IBM ThinkCentre, which has been running either pfSense or OPNSense for the last 3 years without issue. Granted, it is very dated, but it works for my current needs.
I had installed the original release (15.1?) then have been updating via the web interface since. When these issues started, I downloaded 16.1 release and upgraded from there, and when upgrading the issues return. I have not attempted to install from 16.1.6 or anything newer, I just know that 16.1 with no updates works, and when upgrading to 16.1.6 it breaks.
Using 16.1 release works for me, and I'm simply sharing my experience, in case it helps to pin-point the issue...
9
16.1 Legacy Series / update issue (related to configd)
« on: March 15, 2016, 07:03:46 pm »
Greetings. My recent experience, in case it is helpful, troubleshooting an issue that developed after an update...
About 3 days ago I did an update, and noticed while watching the updates download something about pfSense3, which caught my attention, and might ultimately point to an answer... Regardless, since that update, I have experienced very erratic behavior.
Besides the configd lockup issue, which is easily identifiable and fixable on the Lobby page after the most recent update, a few other things have happened. There are frequent lock-ups of the DNS Resolver, even though the status shows active. Restarting the Resolver doesn't help, and sometimes it doesn't restart. In addition, at times the network becomes completely non-responsive, and pages time-out and won't reload, internal and external pings timeout, etc.
I disabled all non-essential services, like the IPS/IDS and Proxy Server, even though no changes have been made and they have been working fine for months. However, the issue persisted. I finally downloaded a fresh 16.1 iso and reinstalled. It worked fine, so I started manually re-configuring the services, and all was well. Then I did an update, and continued configuring services, at which point the same erratic behavior started again. Makes me wonder if the "Serious Issue" post before this one is somehow related.
So, now I have reinstalled a fresh 16.1 again, and will reconfigure services again, but will NOT update until at least after the configd lockup issue is resolved, as it is likely related. Will report back if my non-updated configuration has issues over the next few days. Hopefully this helps...
About 3 days ago I did an update, and noticed while watching the updates download something about pfSense3, which caught my attention, and might ultimately point to an answer... Regardless, since that update, I have experienced very erratic behavior.
Besides the configd lockup issue, which is easily identifiable and fixable on the Lobby page after the most recent update, a few other things have happened. There are frequent lock-ups of the DNS Resolver, even though the status shows active. Restarting the Resolver doesn't help, and sometimes it doesn't restart. In addition, at times the network becomes completely non-responsive, and pages time-out and won't reload, internal and external pings timeout, etc.
I disabled all non-essential services, like the IPS/IDS and Proxy Server, even though no changes have been made and they have been working fine for months. However, the issue persisted. I finally downloaded a fresh 16.1 iso and reinstalled. It worked fine, so I started manually re-configuring the services, and all was well. Then I did an update, and continued configuring services, at which point the same erratic behavior started again. Makes me wonder if the "Serious Issue" post before this one is somehow related.
So, now I have reinstalled a fresh 16.1 again, and will reconfigure services again, but will NOT update until at least after the configd lockup issue is resolved, as it is likely related. Will report back if my non-updated configuration has issues over the next few days. Hopefully this helps...
10
General Discussion / Re: can't boot after power failer
« on: June 26, 2015, 06:24:59 pm »
You may find this helpful: https://forum.opnsense.org/index.php?topic=755.0
11
General Discussion / Re: backup story
« on: June 26, 2015, 06:06:46 pm »
Looks like sharing the backup story started an interesting exchange... It's good that Chris pointed out the root of the problem, and that there are multiple solutions in the works.
Thanks for the addition franco, hopefully others will benefit from it aswell...
Thanks for the addition franco, hopefully others will benefit from it aswell...
12
General Discussion / Re: backup story
« on: June 25, 2015, 05:24:14 am »
Hello franco,
The sync option should work for my use case, as I am currently using a re-purposed ThinkCentre desktop with a standard HDD as a test machine. Thanks for the tip.
Only a week into testing, and didn't have a large amount time invested in configuring OPNsense, so I simply reinstalled and started over fresh.
However, your suggestions on how to recover look promising. In retrospect I should have switched to a backup router and attempted to resolve the issue with your help, to test your suggestions. Next time...
Thanks again for your efforts.
The sync option should work for my use case, as I am currently using a re-purposed ThinkCentre desktop with a standard HDD as a test machine. Thanks for the tip.
Only a week into testing, and didn't have a large amount time invested in configuring OPNsense, so I simply reinstalled and started over fresh.
However, your suggestions on how to recover look promising. In retrospect I should have switched to a backup router and attempted to resolve the issue with your help, to test your suggestions. Next time...
Thanks again for your efforts.
13
General Discussion / backup story
« on: June 24, 2015, 05:58:18 pm »
This afternoon there was a brief power outage. The old UPS that was powering the OPNsense machine, along with a few network devices, immediately powered down. It appears that the old UPS needs a new battery, and a new battery status indicator light...
I installed a new APC UPS and rebooted OPNsense, but the only service that was running was ntpd. All other services, dhcpd, dnsmasq, apinger, and a few others like Proxy were Stopped, and would not Start. The log files of the services showed unusual error messages like missing user accounts, or misconfigured settings, although before the power failure everything was working fine.
It quickly became clear that the power outage had corrupted some files. Rather than troubleshooting a lot of random issues, I decided to simply reinstall and start fresh. Unfortunately I didn't have a backup of the configuration, but it's easy to recreate...
So, that is the story, for what it's worth. The question is, would it be possible to add an APC UPS monitoring package to the OPNsense repository? https://freshports.org/sysutils/apcupsd/
I installed a new APC UPS and rebooted OPNsense, but the only service that was running was ntpd. All other services, dhcpd, dnsmasq, apinger, and a few others like Proxy were Stopped, and would not Start. The log files of the services showed unusual error messages like missing user accounts, or misconfigured settings, although before the power failure everything was working fine.
It quickly became clear that the power outage had corrupted some files. Rather than troubleshooting a lot of random issues, I decided to simply reinstall and start fresh. Unfortunately I didn't have a backup of the configuration, but it's easy to recreate...
So, that is the story, for what it's worth. The question is, would it be possible to add an APC UPS monitoring package to the OPNsense repository? https://freshports.org/sysutils/apcupsd/
14
General Discussion / Re: WISH LIST for OPNsense
« on: June 17, 2015, 11:44:56 am »
Very nice. Thanks for the prompt response, and your efforts...
15
General Discussion / Re: WISH LIST for OPNsense
« on: June 16, 2015, 07:01:25 pm »
How about DNSCrypt?
Currently using OpenWRT router with DNSCrypt package, and a few FreeBSD machines using dnscrypt-proxy pkg with Unbound. Apparently, there is discussion on the PFSense forum of people doing a "pkg install dnscrypt-proxy" from the terminal and getting it setup FreeBSD style, even though it is not currently a PFSense package, but on OPNSense the package is not found in the repository.
I am currently testing the OpenDNS functionality of OPNSense, but there are a lot of DNSCrypt enabled DNS servers out there, other than just OpenDNS, as seen here: https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv
Just sharing my thoughts, for what it's worth... Great work, by the way.
Currently using OpenWRT router with DNSCrypt package, and a few FreeBSD machines using dnscrypt-proxy pkg with Unbound. Apparently, there is discussion on the PFSense forum of people doing a "pkg install dnscrypt-proxy" from the terminal and getting it setup FreeBSD style, even though it is not currently a PFSense package, but on OPNSense the package is not found in the repository.
I am currently testing the OpenDNS functionality of OPNSense, but there are a lot of DNSCrypt enabled DNS servers out there, other than just OpenDNS, as seen here: https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv
Just sharing my thoughts, for what it's worth... Great work, by the way.
Pages: [1]